Upon accessing the URL of the provided lambda function in the challenge, we obtain an aws_access_key_id, an aws_secret_access_key, and an aws_session_token. These can serve as temporary credentia...

Challenge 1 : Positive This challenge proved to be fairly straightforward as we were provided with two smart contracts, namely Setup.sol and Positive.sol. Within the setup contract’s constructor, ...

By analyzing the executable using PE bear, it becomes evident that it solely imports three DLLs: kernel32.dll, user32.dll, and gdi32.dll. This suggests that either the executable is packed or some ...

In this post, I will provide an in-depth technical analysis of an application portraying itself as TikTok Pro which is a dangerous spyware. APK Metadata Malware sample: here MD5: 9fed52ee7312e2...

In this post, I will provide an in-depth technical analysis of Dark Crystal RAT, a backdoor written in C#. File Metadata Malware sample: here MD5: b478d340a787b85e086cc951d0696cb1 SHA256: 8d...

In this post, I will provide an in-depth technical analysis of a malicious android application that steals cookies from the browser and sends them to a C2 server. APK Metadata Malware sample: he...

In this post, I will provide an in-depth technical analysis of the malicious Android application known as “Free Followers,” specifically focusing on its ransomware functionality. APK Metadata Ma...

Below are my write-ups for the Pokeball Escape and Bleep challenges that were part of UMDCTF 2023. Pokeball Escape After decompiling the Pokeball Escape application using JADX, we get the follo...

Overview Packed Sample : https://bazaar.abuse.ch/sample/03b9c7a3b73f15dfc2dcb0b74f3e971fdda7d1d1e2010c6d1861043f90a2fecd/ Unpacked Sample : https://bazaar.abuse.ch/sample/d3c75c5bc4ae087d547bd722...

Description WarZone is a Remote Access Trojan (RAT) that is sold on a publicly available website, as a Malware-as-a-Service. MD5: 48FF98ED6AE74DA9C1FEF59B40699BAE SHA256: 4537FAB9DE768A668AB4E72A...